Government to tighten IT security in wake of Wikileaks furore

The ongoing Wikileaks saga has prompted a review of government IT security, while experts urge all CIOs to be more vigilant

The national security adviser to David Cameron has ordered all government departments to review their computer security in the wake of ongoing disclosures by whistle-blowing web site Wikileaks.

"The Prime Minister's national security adviser has written to all departments to ask them to look again at their information security and to provide him with assurance about the level of that information security," said Home Secretary Theresa May.

Wikileaks first appeared on the internet in December 2006, and has since been leaking information relating to politically sensitive government documents. As a result the site has faced international scrutiny, owing to the backlash from international governments branding it a risk to national security.

The scrutiny has resulted in some serious setbacks for the site, most recently Amazon and Paypal have removed services from the site. It has also suffered a series of cyber attacks.

In addition, and more broadly, the ongoing scandal has raised serious questions for governments around data privacy and the security of sensitive information.

"Wikileaks has been ramping up the insider threat level for some time," said Alan Bentley, senior vice-president international at security experts Lumension.

"Security defences are often only bolstered when a risk is proven to have increased and with reams of highly classified information still emerging it is no surprise that a further review of computer security is needed," he added.

"The Wikileaks furore has accelerated the need to change the way that sensitive information is accessed and downloaded. Removable devices have eased the way in which information can be taken out of an organisation and policies must be enforced to prevent unnecessary data removal."

Andrew Kellett, senior analyst at Ovum, said the Wikileaks saga holds lessons for CIOs.

"This goes further than just Wikileaks because it highlights what can happen when you don't have control over your information systems. There are opportunities for information to be leaked out of the organisation, and in most companies it is possible to get hold of sensitive data and copy it without IT knowing this has happened," said Kellett.

"In our experience a lot of IT departments don't have the tools to do the monitoring that is required. We know from a lot of work that has been done in the data loss and prevention area, that organisations don't have the basic tools in place to allow them to be informed and take action when the wrong data is leaving the company," he added.

"CIOs need to ensure all of their devices are properly encrypted."